GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,967
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,076
Pub: 10
RubyGems: 832
Rust: 781
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
108,855 advisories
Moodle Improper Access Control vulnerability
Moderate • CVE-2023-5542 was published for moodle/moodle (Composer) Nov 9, 2023

A vulnerability, which was classified as critical, has been found in Tongda OA 2017 up to 11.9....
Moderate • Unreviewed • CVE-2023-6053 was published Nov 9, 2023

NASA Open MCT Cross Site Scripting vulnerability
Moderate • CVE-2023-45885 was published for openmct (npm) Nov 9, 2023

NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability
Moderate • CVE-2023-45884 was published for openmct (npm) Nov 9, 2023

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Mann Simple Site Verify...
Moderate • Unreviewed • CVE-2023-36688 was published Nov 9, 2023

On Windows, The IsLocal function does not correctly detect reserved device names in some cases....
Moderate • Unreviewed • CVE-2023-45284 was published Nov 9, 2023

AsyncSSH Rogue Extension Negotiation
Moderate • CVE-2023-46445 was published for asyncssh (pip) Nov 9, 2023

Any value can be changed in the configuration table by an employee having access to block reassurance module
Moderate • CVE-2023-47110 was published for prestashop/blockreassurance (Composer) Nov 9, 2023

A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network...
Moderate • Unreviewed • CVE-2023-6039 was published Nov 9, 2023

The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers...
Moderate • Unreviewed • CVE-2023-47372 was published Nov 9, 2023

The leakage of channel access token in best_training_member Line 13.6.1 allows remote attackers...
Moderate • Unreviewed • CVE-2023-47369 was published Nov 9, 2023

The leakage of channel access token in platinum clinic Line 13.6.1 allows remote attackers to...
Moderate • Unreviewed • CVE-2023-47367 was published Nov 9, 2023

The leakage of channel access token in bluetrick Line 13.6.1 allows remote attackers to send...
Moderate • Unreviewed • CVE-2023-47370 was published Nov 9, 2023

The leakage of channel access token in taketorinoyu Line 13.6.1 allows remote attackers to send...
Moderate • Unreviewed • CVE-2023-47368 was published Nov 9, 2023

The leakage of channel access token in craft_members Line 13.6.1 allows remote attackers to send...
Moderate • Unreviewed • CVE-2023-47366 was published Nov 9, 2023

The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allows remote attackers to send...
Moderate • Unreviewed • CVE-2023-47373 was published Nov 9, 2023

The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send...
Moderate • Unreviewed • CVE-2023-47363 was published Nov 9, 2023

The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to...
Moderate • Unreviewed • CVE-2023-47365 was published Nov 9, 2023

The leakage of channel access token in nagaoka taxi Line 13.6.1 allows remote attackers to send...
Moderate • Unreviewed • CVE-2023-47364 was published Nov 9, 2023

A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. Affected is...
Moderate • Unreviewed • CVE-2023-6052 was published Nov 9, 2023

A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit...
Moderate • Unreviewed • CVE-2023-47612 was published Nov 9, 2023

A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion...
Moderate • Unreviewed • CVE-2023-47613 was published Nov 9, 2023

Duplicate Advisory: Eclipse IDE XXE in eclipse.platform
Moderate • GHSA-cc4w-3cff-j8fw was published for org.eclipse.platform:eclipse.platform (Maven) Nov 9, 2023 • withdrawn

chromedriver Command Injection vulnerability
Moderate • CVE-2023-26156 was published for chromedriver (npm) Nov 9, 2023

Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a remote attacker to execute...
Moderate • Unreviewed • CVE-2023-46492 was published Nov 9, 2023

ProTip! Advisories are also available from the GraphQL API